White Papers
Using LDAP or LDAP+GSSAPI
LDAP is a standards‑based, cross‑platform, extensible protocol that runs directly on top of the TCP/IP layer. It
is used to access information stored in a specially organized information directory. It can interact with many
dierent kinds of databases without special integration, making it more flexible than other authentication
methods.
LDAP+GSSAPI is used when you want your transmission to be always secure. Instead of authenticating directly
with the LDAP server, the user is
first
authenticated with a Kerberos to obtain a Kerberos ticket. This ticket is
presented to the LDAP server using the GSSAPI protocol for access. LDAP+GSSAPI is typically used for networks
running Active Directory®.
Notes:
• LDAP+GSSAPI requires a Kerberos network account. For more information, see “Creating a Kerberos
login method” on page 16.
• Supported printers can store a maximum of five unique LDAP or LDAP+GSSAPI login methods. Each
method must have a unique name.
• Administrators can create up to 32 user‑
defined
groups that apply to each unique login method.
• LDAP and LDAP+GSSAPI relies on an external server for authentication. If the server is down, then users
are not able to access the printer using LDAP or LDAP+GSSAPI.
• To help prevent unauthorized access, log out from the printer after each session.
Creating an LDAP or LDAP+GSSAPI login method
1 From the Embedded Web Server, click Settings > Security > Login Methods.
2 From the Network Accounts section, click Add Login Method > LDAP.
3 Select the authentication type.
• LDAP
• LDAP+GSSAPI
4 Configure the settings.
General Information
•
Setup Name—Type a unique name for the LDAP network account.
• Server Address—Type the IP address or the host name of the LDAP server.
• Server Port—Enter the port where LDAP queries are sent.
Note: If you are using SSL, then use port 636. Otherwise, use port 389.
• Required User Input—Select the required LDAP authentication credentials used when logging in to the
printer. This setting is available only in the LDAP setup.
• Use Integrated Windows Authentication—Select one of the following:
– Do not use
– Use if available—Use Windows® operating system authentication credentials, if available.
– Require—Use only Windows operating system authentication credentials.
Note: This setting is available only in the LDAP+GSSAPI setup.
Managing login methods 14